50 - How does overlay achieve cross-host communication?

In the previous section we ran container bbox1 on host1. Today we discuss in detail how the overlay network communicates across hosts.

Run container bbox2 on host2:

 

bbox2's IP is 10.0.0.3, and it can ping bbox1 directly:

As we can see, containers on the overlay network can communicate directly, and docker also provides a DNS service for them.

Let's look at how the overlay network is actually implemented:

Docker creates a separate network namespace for each overlay network. Inside it is a Linux bridge, br0. Each endpoint is implemented as a veth pair: one end is attached to the container (i.e. eth0) and the other end is attached to br0 in the namespace.

Besides connecting all the endpoints, br0 also connects a vxlan device that establishes a VXLAN tunnel with the other hosts. Data between containers travels through this tunnel. The logical network topology is as shown:

To view the overlay network's namespace, run `ip netns` on host1 and host2 (make sure you have first run `ln -s /var/run/docker/netns /var/run/netns`). Both hosts show the same namespace, "1-3e14e93b3e".

This is the namespace of ov_net1. Next, view the devices attached to br0 in that namespace.

Viewing the detailed configuration of the vxlan0 device shows that this overlay uses VNI (VxLAN ID) 256.

Now that we understand overlay network connectivity, the next section discusses the isolation characteristics of the overlay network.
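The inspection steps above can be condensed into one check that is run on each host. The following is an added example, not part of the original post: it parses `ip -d link show` output taken inside the overlay namespace and reports which devices are attached to the bridge and which VNI the vxlan device uses. The sample text is constructed, and `summarize_links` and `sample_output` are hypothetical names.

```shell
#!/bin/sh
# Added example. Reads `ip -d link show` text on stdin and prints one line
# per device enslaved to a bridge: <device> <bridge> <kind> [vni=.. dstport=..]
summarize_links() {
    awk '
    function emit() {
        if (dev == "" || master == "") return   # skip the bridge itself
        line = dev " " master " " kind
        if (kind == "vxlan") line = line " vni=" vni " dstport=" port
        print line
    }
    /^[0-9]+: / {                     # header line starts a new device
        emit()
        dev = $2; sub(/:$/, "", dev); sub(/@.*/, "", dev)
        master = ""; kind = "other"; vni = ""; port = ""
        for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
        next
    }
    $1 == "vxlan" && $2 == "id" {     # detail line: vxlan id <VNI> ... dstport <port>
        kind = "vxlan"; vni = $3
        for (i = 4; i < NF; i++) if ($i == "dstport") port = $(i + 1)
    }
    $1 == "veth" { kind = "veth" }
    END { emit() }
    '
}

# Constructed sample of what the namespace might show (MACs and indexes invented).
sample_output() {
    cat <<'EOF'
2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200
5: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UNKNOWN mode DEFAULT
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 1
    vxlan id 256 srcport 0 0 dstport 4789 proxy l2miss l3miss ageing 300
7: veth2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT
    link/ether 02:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 1
    veth
EOF
}

# On a real host (as root): ip netns exec 1-3e14e93b3e ip -d link show | summarize_links
sample_output | summarize_links
```

Running it on host1 and host2 and comparing the `vni=` values confirms that both ends of the tunnel belong to the same overlay.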


Origin www.cnblogs.com/mkxfs/p/10975363.html